Penetration Testing mailing list archives

Re: Pentest Criteria
From: Pete Herzog <lists () isecom org>
Date: Sun, 05 Sep 2010 20:36:30 +0200

> What if a client wants criteria reported as well? I'm not sure if there
> is one I can use without running the risk of it being too far removed.
> Is there a framework or best practice which lends itself to pentests?
> Or do I have to try to layer NIST on top of it?


OSSTMM 3 does exactly that. Currently it's being reviewed to either be included in the ISO27000 series or be its own ISO. It has operational security metrics which allow you to rate vulnerabilities on what they do, and it works very, very well for pen tests.


Pete Herzog - Managing Director - pete () isecom org
ISECOM - Institute for Security and Open Methodologies
www.isecom.org - www.osstmm.org
www.hackerhighschool.org - www.badpeopleproject.org
